Sponsored Link

Deleting a file or reformatting a disk does not destroy your sensitive data. The data can easily be undeleted. That's a good thing if you accidentally throw something away, but what if your trying to destroy financial data, bank account passwords, or classified company information. In this article you will learn number of tools to delete files securely in ubuntu Linux1) Shred

Although it has some important limitations, the shred command can be useful for destroying files so that their contents are very difficult or impossible to recover. shred accomplishes its destruction by repeatedly overwriting files with data patterns designed to do maximum damage so that it becomes difficult to recover data even using high-sensitivity data recovery equipment1.

Deleting a file with the rm command does not actually destroy the data; it merely destroys an index listing the location of the file and makes the file's data blocks available for reuse. Thus, a file deleted with rm can be easily recovered using special utilities or commands if its freed data blocks have not yet been reused. However, on an active system with a nearly full hard disk drive (HDD), freed space can be reused in a matter of minutes or even seconds.

Click on the Conditions tab Under the “Appears if selection contains“, check “Only files” (If you want files and folders select Both).Check the box “Appears if selection has multiple files or folders“. Click OK

After adding you should see similar to the following screen click close

Open up a terminal, run the following commands to update the nautiuls

nautilus -q

nautilus

Now this will open nautilus window Now right click on any files, you should be able to see the shred command in the menu.

wipe

wipe is a little command for securely erasing files from magnetic media. It compiles under various unix platforms, including Linux 2.*, (Open+Net+Free)BSD, aix 4.1, SunOS 5.5.1, Solaris 2.6. Recovery of supposedly erased data from magnetic media is easier than what many people would like to believe. A technique called Magnetic Force Microscopy (MFM) allows any moderately funded opponent to recover the last two or three layers of data written to disk. Wipe repeatedly writes special patterns to the files to be destroyed, using the fsync() call and/or the O_SYNC bit to force disk access.

Install wipe in Ubuntu

sudo aptitude install wipe

wipe Syntax

wipe [options] path1 path2 ... pathn

Wipe Examples

Wipe every file and every directory (option -r) listed under /home/berke/plaintext/, including /home/berke/plaintext/.Regular files will be wiped with 34 passes and their sizes will then be halved a random number of times. Special files (character and block devices, FIFOs...) will not. All directory entries (files, special files and directories) will be renamed 10 times and then unlinked. Things with inappropriate permissions will be chmod()'ed (option -c). All of this will happen without user confirmation (option -f).

wipe -rcf /home/berke/plaintext/

Assuming /dev/hda3 is the block device corresponding to the third partition of the master drive on the primary IDE interface, it will be wiped in quick mode (option -q) i.e. with four random passes. The inode won't be renamed or unlinked (option -k). Before starting, it will ask you to type "yes".

wipe -kq /dev/hda3

Since wipe never follows symlinks unless explicitly told to do so, if you want to wipe /dev/floppy which happens to be a symlink to /dev/fd0u1440 you will have to specify the -D option. Before starting, it will ask you to type "yes".

wipe -kqD /dev/floppy

Here, wipe will recursively (option -r) destroy everything under /var/log, excepting /var/log. It will not attempt to chmod() things. It will however be verbose (option -i). It won't ask you to type "yes" because of the -f option.

wipe -rfi >wipe.log /var/log/*

Due to various idiosyncracies of the operating system, it's not always easy to obtain the number of bytes a given device might contain (in fact, that quantity can be variable). This is why you sometimes need to tell wipe the amount of bytes to destroy. That's what the -l option is for. Plus, you can use b,K,M and G as multipliers, respectively for 2^9 (512), 2^10 (1024 or a Kilo), 2^20 (a Mega) and 2^30 (a Giga) bytes. You can even combine more than one multiplier !! So that 1M416K = 1474560 bytes.

wipe -Kq -l 1440k /dev/fd0

Adding Wipe to Nautilus menu in Ubuntu

First Install nautilus-actions package using the following command in the terminal

sudo aptitude install nautilus-actions

Now Open up Nautilus Actions Configuration from System->Preference->Nautilus Actions Configuration Click Add

Click on the Conditions tab Under the “Appears if selection contains“, check “both”

Check the box “Appears if selection has multiple files or folders“. Click OK

Open up a terminal, run the following commands to update the nautiuls

nautilus -q

nautilus

From Now right click on any files, you should be able to see the wipe command in the menu.You can check above procedure for screenshots.

Secure-Delete tools

Tools to wipe files, free disk space, swap and memoryEven if you overwrite a file 10+ times, it can still be recovered. This package contains tools to securely wipe data from files, free disk space, swap and memory.

The Secure-Delete tools are a particularly useful set of programs that use advanced techniques to permanently delete files. To install the Secure-Delete tools in Ubuntu, run the following command

sudo aptitude install secure-delete

The Secure-Delete package comes with the following commands

srm(Secure remove) -- used for deleting files or directories currently on your hard disk.

sfill(Secure free space wiper) -- used to wipe all traces of data from the free space on your disk.

sswap(Secure swap wiper) -- used to wipe all traces of data from your swap partition.

srm -- Secure remove

srm removes each specified file by overwriting, renaming, and truncat-ing it before unlinking. This prevents other people from undeleting or recovering any information about the file from the command line.

srm, like every program that uses the getopt function to parse its arguments, lets you use the --- option to indicate that all arguments are non-options. To remove a file called ‘-f' in the current directory, you could type either "srm --- -f" or "srm ./-f".

smem is designed to delete data which may lie still in your memory (RAM) in a secure manner which can not be recovered by thiefs, law enforcement or other threats. Note that with the new SDRAMs, data will not wither away but will be kept static -- it is easy to extract the necessary information! The wipe algorythm is based on the paper “Secure Deletion of Data from Magnetic and Solid-State Memory” presented at the 6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers.

smem Syntax

smem [-f] [-l] [-l] [-v]

Available Options

-f -- fast (and insecure mode): no /dev/urandom.

-l -- lessens the security. Only two passes are written: the first with 0x00 and a final random one.

-l -l for a second time lessons the security even more: only one pass with 0x00 is written.

-v -- verbose mode

sfill -- secure free space wipe

sfill is designed to delete data which lies on available diskspace on mediums in a secure manner which can not be recovered by thiefs, law enforcement or other threats. The wipe algorythm is based on the paper “Secure Deletion of Data from Magnetic and Solid-State Memory” presented at the 6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers.

sfill Syntax

sfill [-f] [-i] [-I] [-l] [-l] [-v] [-z] directory/mountpoint

Available Option

-f -- fast (and insecure mode): no /dev/urandom, no synchronize mode.

-i -- wipe only free inode space, not free disk space

-I -wipe only free disk space, not free inode space

-l -lessens the security. Only two passes are written: one mode with 0xff and a final mode with random values.

-l -l for a second time lessons the security even more: only one random pass is written.

-v -- verbose mode

-z -- wipes the last write with zeros instead of random data

directory/mountpoint this is the location of the file created in your filesystem. It should lie on the partition you want to write.

sswap -- Secure swap wiper

sswap is designed to delete data which may lie still on your swapspace in a secure manner which can not be recovered by thiefs, law enforce?ment or other threats.The wipe algorythm is based on the paper "Secure Deletion of Data from Magnetic and Solid-State Memory" pre?sented at the 6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers.

sswap Syntax

sswap [-f] [-l] [-l] [-v] [-z] swapdevice

Available Option

-f -- fast (and insecure mode): no /dev/urandom, no synchronize mode.

-l -- lessens the security. Only two passes are written: one mode with 0xff and a final mode with random values.

-l -l for a second time lessons the security even more: only one pass with random values is written.

-v -- verbose mode

-z -- wipes the last write with zeros instead of random data

sswap Examples

Before you start using sswap you must disable your swap partition.You can determine your mounted swap devices using the following command

cat /proc/swaps

Disable swap using the following command

sudo swapoff /dev/sda3

/dev/sda3 -- This is my swap device

Once your swap device is disabled, you can wipe it with sswipe using the following command

sudo sswap /dev/sda3

After completing the above command you need to re-enable swap using the following command

sudo swapon /dev/sda3

Other Tool

DBAN

Darik's Boot and Nuke ("DBAN") is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.

30 thoughts on “Tools to delete files securely in ubuntu Linux”

Modern HDD’s automagically remap weak sectors. Flash drives do wear-levelling. Both of these could cause some (if not all) of the over-writing passes to miss the physical media that held you data.
There are various levels of caching which may prevent the shred pattern from being physically written to disk.

These software tools are great for a bit of peace-of-mind, but if you _really_ want to kill stuff use physical means (heat, impact, grinder etc.). Oh, and then make sure there are no backups or archives 🙂

Also…. shadows of your data may survive even after the original file is gone (print-spool, ‘recently opened documents’ list, thumbprints, print-preview, auto-saves etc. etc.)

Filesystems are mostly about meta-data (information about the file, like name, modification date, owner, permissions etc). A journaling filesystem (like ext3) can make deleting this stuff more difficult (but then, this sort of stuff is ghosted in places like recent-documents lists and slocate databases so it’s almost impossible to get rid of anyway). Metadata writes are usually small making caching a bigger concern.

Some journalling filesystems (incl. ext3) can be set to journal data as well as metadata writes, but this is is a huge write penalty and therefore very unusual (if you want that level of reliability get a battery-backed RAID array).

Wiping over NFS or over a journalling filesystem (ReiserFS etc.) will most probably not work.

Reading between the lines, though, what you say makes sense: ‘wipe’ and ‘shred’ should work on ext3 so long as it is not in Journal mode. And in Ubuntu, Ordered mode is the default, at least according to the ‘mount’ man page.

As has already being said, the methods explained are not necessarily secure. (But it’s also not always necessary to physically destroy the drive.)

Securely deleting one single file on a partition requires to securely wipe that whole partition. After that, some of the data may still survive in swap space or RAM, therefore you have to use multiple measures for deleting files.

On a side note, why to spoil this article with completely uninteresting tips how to ad functions “to Nautilus menu in Ubuntu”?
I don’t see why I should use Nautilus or Ubuntu[1], for that matter, that is not interesting at all. Maybe you should have put these tips on separate pages and just linked them here.

[1] I know this site is specifically about Ubuntu, but wiping data and changing settings in Nautilus are two different an unrelated things. Well, and while I indeed do use Ubuntu from time to time, I only use the server edition and Kubuntu, no Nautilus at all.

Securely deleting one single file on a partition requires to securely wipe that whole partition.

That depends on how paranoid you are, and (despite what I said earlier) your filesystem.

A filesystem with transparent compression (like NTFS) can mess up wipes: the overwrite patterns will compress to a different degree than the original data so they will not use the same number of (and hence identical) sectors.

Though shred tries to disable caching it may still be present and might just be sufficient to prevent rewrites from actually ever reaching the ‘bare metal’. Network filesystems introduce even more caching (and remove even more control) so don’t bother shredding network mounted drives.

Disks automagically remap weak sectors. If part of your file is on a weak sector then it might get remapped, preventing the numerous rewrites that should be destroying the data.

If you’re going to give away a disk then shred the whole thing, that should keep things reasonably safe.
It you’re at all worried then take to the old disk with an axe and buy a new one.

Isn’t the easiest way to wipe a disk with a tool to use badblocks destructive write test iterate over it until it’s done all blocks on the drive? or have dd write out 0’s? sure that doesn’t help with individual files… but you don’t need any special tool either.

as far as data_journal it speeds up reads and reads while writing in ext3 (maybe ext4?) and many people may not realize this… but in most use cases you spend more time reading from your fs than writing to it.

“””For more details, see the source code and Peter Gutmann’s paper `Secure
Deletion of Data from Magnetic and Solid-State Memory’
(http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html), from the
proceedings of the Sixth USENIX Security Symposium (San Jose,
California, July 22-25, 1996).”””

I for one appreciate the ‘add to nautilus’ section of this article. Very end user friendly and accesible. And I do think it is very relevant how the average not to user (or a geeks grandmother) can have a litle piece of mind.

I for one appreciate the ‘add to nautilus’ section of this article. Very end user friendly and accesible.

Yes, although it really doesn’t interest me in any way, I think this piece of information may be very important for others, therefore, it shouldn’t be simply erased. But still, it wouldn’t interrupt the reading flow as much if these instructions were only linked to from this page.

2 cents

My 2.5 cents added. 😉

@Thomas (or whoever posted this article):
I forgot to rant about the hyphens; WordPress or some other software with auto-error-insertion replaced the two hyphens (I’ll try it here: “–“) with an n-dash; that’s somewhat disturbing when occurring with options (like “-v, –verbose”).

In file-by-file mode shred can, at best, securely delete the sectors currently allocated to a file
(as none of these tools can guarantee that all caching is disabled, or that the exact same sectors will be used in the re-writes, they cannot even do that).

If the file recently shrunk then the de-allocated sectors won’t be wiped.

Many applications save new versions of working data in a new file (rather than replacing the old date in-situ) leaving ghost copies on your disk. Then there are backups, spool files, intermediate working files, …
In short, deleting the current working file may not be enough.

Nautilus may not show backup files created by various applications (this can be mitigated by selecting “show hidden files”).

Having a nautilus option to shred is user-friendly, but using it without understanding the limitations it dangerous, all you get is a false sense of security.

Unfortunately “user friendly” and “secure” are often opposite (worse still, people often confuse “user friendly” with “useful” and thus sacrifice too much security in order to gain productivity).

All I’d recommend to novice users is dban-ing disks before disposing of them.
Anything else isn’t fool-proof enough for the novice user.

I wanted to add SRM to nautilus and did so successfully, but wanted to know if there is a way to get SRM to confirm or prompt you before deleting (shredding, removing etc) the file or folder?

I tried adding -i in the parameters (in nautilus) but then srm would not function. I then tried using -i in the terminal and I got a message that it was an invalid function (or something to that effect).

Any ideas how to get a prompt before nuking my files?

Disclaimer: I’m a total noobie with linux (and this site has been a huge help).

I tried SFILL. What a nightmare! It consumed 100% of the CPU on my old laptop for hours and did its best to melt my CPU. I was afraid to CTRL-C out of it while it worked on my partition so I started up a fan and pointed it at the laptop while SFILL ran. This held the internal temps down to hot 74 degrees.

SFILL needs a flag to tell how many passes to make (like most such programs offer). Perhaps the -l or -ll flags mean fewer passes? It’s not clear from the man pages.

As posters note, to truly protect a disk against forensics you need to physically destroy it. But for practical purposes I’ve used DBAN and trust it — you can set the number of passes as high as you want.

A sudo sfill -v / session is working on my system disk for more than ten days, adding * after * after * on my terminal screen. Already 6 *. I run Netty on 600 Go disk, and a secondary 2 To disk is also mounted.
Could someone tell my how to kill it securely ?